use as Sandboxie equivalent

mant...@gmail.com

Mar 31, 2014, 3:17:24 AM
to proo...@googlegroups.com
Is it possible to use proot as a Windows' Sandboxie equivalent (allow reading all files from the host but redirect all writes to the guest)?

I've tried with:
proot -r $HOME/Sandbox/ -b / mycmd

Cédric VINCENT

Mar 31, 2014, 9:58:27 AM
to proo...@googlegroups.com
Hello,

On Mon, Mar 31, 2014 at 9:17 AM, <mant...@gmail.com> wrote:
> Is it possible to use proot as a Windows' Sandboxie equivalent (allow
> reading all files from the host but redirect all writes to the guest).

No, it is not [yet] possible to do such a thing. However, we would
like to create a new extension that redirects all write operations to
an alternate location, and that keeps a consistent view of such
virtually modified file-system, à la mbox
http://pdos.csail.mit.edu/~taesoo/pubs/2013/mbox/mbox.pdf

Cédric.

eadmaster2

Apr 1, 2014, 9:55:36 PM
to proo...@googlegroups.com
Thanks for the link to mbox, but I've found currently it is for 64-bit OSes only.
As alternatives I've found Systrace and sydbox, and I'm actually testing them for my purpose...
Do you know other alternatives?

They both requires.

Cédric VINCENT

Apr 2, 2014, 3:54:41 AM
to proo...@googlegroups.com
Hello,

On Wed, Apr 2, 2014 at 3:55 AM, eadmaster2 <mant...@gmail.com> wrote:
> Thanks for the link to mbox, but I've found currently it is for 64-bit OSes
> only.

Moreover mbox is still a prototype, according to its authors.

> As alternatives I've found Systrace and sydbox, and I'm actually testing
> them for my purpose...
[...]
> They both requires.

They both require "what?" :)

> do you know other alternatives?

Yes, this one: http://www.netfort.gr.jp/~dancer/software/cowdancer.html.en


Regards,
Cédric.

eadmaster2

Apr 3, 2014, 3:12:42 AM
to proo...@googlegroups.com
Systrace has been discontinued since 2009 and Linux support is incomplete.
sydbox compiled on my Puppy Linux, but has no option for COW.
cowdancer and clones require you to hardlink all the files to protect, which is a bit time-consuming if you wish to protect all the rootfs!

The other options I've found require either: chroot (xchroot, glimpse), a specific kernel module (AppArmor), a daemon running in privileged mode (sandfox), or just root privileges to mount.

Now I'm investigating UMView...